Creating and Configuring GPOs

by dsf3g at 2012-08-16 07:39:15

Is it possible to create, configure and link a GPO using Powershell?

I ask because in our environment, whenever a new application comes online that is run on its own servers, we create a new OU for that application, create a series of Server Access groups that confer various rights on the server (Standard User, Local Admin, Allow Logon Through RDP etc) and leverage Group Policy to assign those rights via Local Security Settings/Local Policy/User Rights Assignment and Restricted Groups.

I’ve already written a script to create the Server Access Groups (their names are derived from the DN of the OU) but it would be really cool to also be able to programatically create and link the GPO.
by JeffH at 2012-08-16 07:49:08
You can create a link a GPO with PowerShell. However, you can’t script the GPO settings. You need the Group Policy module which you get on Win7 by installing and configure RSAT. To script GPO settings you can use a commercial tool like the GP Automation engine from SDM Software.
by RichardSiddaway at 2012-08-17 08:48:17
If I remember correctly SDM used to offer a cmdlet for creating and modifying GPOs - haven’t looked at it for a couple of years though
by coderaven at 2012-09-06 14:30:48
The only thing I can think of for you is to create a good library of Starter GPO that may fit your needs and using PowerShell you can have a new GPO created with a starter GPO and link it where you need it. This is basically why it was designed. The settings you are talking about can get pretty hard to set via code. If you were just working with a GPO Preference, that is just XML and is defined well on Microsoft site.